In modern mobile communications networks, such as second generation Global System for Mobile Communications (GSM) networks or third generation Universal Mobile Telecommunications System (UMTS) networks, mobile subscribers are univocally identified by an International Mobile Subscriber Identity (IMSI).
With reference to GSM networks, it is known that the IMSI is made up of three groups of codes, namely a three-digit Mobile Country Code (MCC) which identifies the country, a two-digit Mobile Network Code (MNC) which identifies the GSM network within that country, and a Mobile Station Identification Number (MSIN) of up to ten digits. The MSIN univocally identifies the subscriber within a network, while the group consisting of the MNC and the MSIN, which group is conventionally called National Mobile Subscriber Identity or NMSI, identifies the subscriber within a country.
The subscriber's identification codes, such as the IMSI, are usually stored in a smart card called Subscriber Identity Module (SIM), which is accommodated in the user equipment through which a subscriber benefits of various services provided by the network operator, first of all phone calls.
The ever increasing demand for mobile Internet and multimedia services has brought to the implementation of third generation (3G) networks such as the UMTS. UMTS networks are technically more advanced and allow for better performance, but the basic concepts and needs have remained the same, including the need of univocally identifying a subscriber in the network. In the case of UMTS networks, a Universal Subscriber Identity Module (USIM) is used, which is equivalent to the SIM card but suitably designed for third generation telephony.
The disclosure refers indifferently to 2G and 3G networks so that, from now on, the term SIM will indicate either a SIM or a USIM.
Notwithstanding more and more complex algorithms have been developed and used for encrypting data stored in or exchanged by the SIMs and the network, piracy continues to jeopardise secrecy of such data. In particular, a diffused piracy technique consists in fully cloning a SIM card, creating SIM cards which behave as the original card and are indistinguishable from the original card.
A user equipment on which a cloned SIM card is installed can access all the services that are accessible by the user equipment provided with the “original” SIM card, whereas the corresponding bills are charged to the legitimate subscriber.
The legitimate subscriber is usually not aware of fraudulent uses of his subscription, such as fraudulent mobile calls charged on his account. Even if he suspects that there may be an illegitimate beneficiary of his subscription, the GSM/UMTS network operator is nowadays unable to efficiently detect such fraudulent behaviour.
A possible solution to this problem is to examine the subscriber's phone call list attempting to spot fraudulent use, for example by noticing calls very close from a temporal point of view but originating and/or directed to Service Areas far away from each other or unusual for the subscriber.
This inspection would be a cumbersome one and would be unsuccessful in many cases, for instance when the cloned SIM is used in the same town as the legitimate one.